Piwigo Bugtracker

View Issue Details

ID: 0001973
Project: Piwigo
Category: security
View Status: public
Date Submitted: 2010.10.29 23:45
Last Update: 2010.10.30 00:37
Assigned To: plg
Priority: normal
Severity: minor
Reproducibility: have not tried
Platform:
OS:
OS Version:
Product Version: 2.1.3
Target Version: 2.1.4
Fixed in Version: 2.1.4
Summary: 0001973: [comments.php] SQL query on error (and displayed) when category id is unknown

Description: On comments.php, the category_id is transmitted as a $_GET parameter, and if the user sets a non-existing category_id, Piwigo generates an SQL syntax error and the SQL query is displayed.

There is no vulnerability, but we should avoid the SQL syntax error if we know the category doesn't exist!
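As an added illustration (not Piwigo's own code), the pattern the report describes next to its guarded form. It assumes the requested category is first expanded into a list of subcategory ids that is then spliced into an IN clause; the category table and the comments query are constructed stand-ins.

```php
<?php
// Added example, not Piwigo code: a constructed category tree (id => parent id) stands in
// for the categories table, and the comments query is only built as a string.
$categories = [1 => null, 2 => 1, 3 => 2, 7 => null];

// Assumed mechanism of the bug: the page collects the requested category plus all of its
// descendants. For an id that is not in the table the list comes back empty.
// (Relies on parents preceding children in the array, true for the constructed data.)
function get_subcat_ids(array $categories, int $category_id): array
{
    $ids = [];
    foreach ($categories as $id => $parent) {
        if ($id === $category_id || ($parent !== null && in_array($parent, $ids, true))) {
            $ids[] = $id;
        }
    }
    return $ids;
}

// Buggy pattern: the list goes straight into the query, so an unknown id yields "IN ()",
// the database reports a syntax error, and the page echoed that query to the visitor.
function build_comments_query_unchecked(array $categories, string $raw_id): string
{
    $ids = get_subcat_ids($categories, (int)$raw_id);
    return 'SELECT id, content FROM comments WHERE category_id IN ('
        . implode(',', $ids) . ')';
}

// Fixed pattern: reject non-numeric input, confirm the category exists before touching the
// comments table, and let the caller answer with a 404 instead of a raw SQL error page.
function build_comments_query_checked(array $categories, string $raw_id): ?string
{
    if (!ctype_digit($raw_id)) {
        return null;                       // "abc" or "-1" never reaches SQL
    }
    $ids = get_subcat_ids($categories, (int)$raw_id);
    if ($ids === []) {
        return null;                       // unknown category: no query, no error
    }
    return 'SELECT id, content FROM comments WHERE category_id IN ('
        . implode(',', array_map('intval', $ids)) . ')';
}

foreach (['2', '42', 'abc'] as $raw) {
    echo "category_id=$raw\n";
    echo "  unchecked: " . build_comments_query_unchecked($categories, $raw) . "\n";
    echo "  checked:   " . (build_comments_query_checked($categories, $raw) ?? '(404 Not Found)') . "\n";
}
```

Whatever the checked branch returns, the application should log database errors server-side rather than render the failing statement to the browser, since the displayed query was the second half of this report.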
Tags: No tags attached.
Database engine and version:
PHP version:
Web server: Apache 1.3.x
Attached Files:

Relationships

Notes
svn (reporter)
2010.10.30 00:33

[Subversion] r7487 by plg on branch 2.1

-----[Subversion commit log]----------------------------------------------------
bug 1973 fixed: avoid SQL syntax error if the category id given in the URL is
svn (reporter)
2010.10.30 00:34

[Subversion] r7488 by plg on trunk

-----[Subversion commit log]----------------------------------------------------
merge r7487 from branch 2.1 to trunk

bug 1973 fixed: avoid SQL syntax error if the category id given in the URL is

Issue History
Date Modified Username Field Change
2010.10.29 23:45 plg New Issue
2010.10.29 23:45 plg Status new => assigned
2010.10.29 23:45 plg Assigned To => plg
2010.10.29 23:45 plg browser => any
2010.10.29 23:45 plg Web server => Apache 1.3.x
2010.10.30 00:33 svn Checkin
2010.10.30 00:33 svn Note Added: 0004410
2010.10.30 00:34 svn Checkin
2010.10.30 00:34 svn Note Added: 0004411
2010.10.30 00:37 plg Status assigned => closed
2010.10.30 00:37 plg Resolution open => fixed
2010.10.30 00:37 plg Fixed in Version => 2.1.4

Copyright © 2000 - 2015 MantisBT Team
Powered by Mantis Bugtracker